Hello,

I have been going over the config files, looking over the pages and the archives but could not find a solution for our problem. I have built a router based on RedHat 9 which has the IP address 192.168.23.13. While being at the office where we have the 192.168.23.0/24 range I can Internet fine without any problems. But we have two offices at the 192.168.27.0/24 and 192.168.29.0/24 range. I'm at the .29 office but I can not go on the Internet. I'm even not allowed to ping the router at 192.168.23.13 from 192.168.29.xx

Router at Lichtenvoorde office 192.168.23.13
Network Office Lichtenvoorde 192.168.23.xx
Network Office Duiven 192.168.27.xx
Network Office Eibergen 192.168.29.xx

interfaces:
net eth0 public.ip.internet.255 blacklist
loc eth1 192.168.23.255

masq:
eth0 192.168.23.0/24
eth0 192.168.27.0/24
eth0 192.168.29.0/24

policy
loc net ACCEPT
loc fw ACCEPT
locdv all ACCEPT
loceb all ACCEPT
fw net ACCEPT
net all DROP info
all all REJECT

rules:
ACCEPT net fw tcp 21,22
DROP net fw tcp 80
DROP net fw tcp 113
DROP net fw tcp 135
DROP net fw tcp 1432
DROP net fw udp 1432
DROP net fw tcp 1433
DROP net fw udp 1433
DROP net fw tcp 1434
DROP net fw udp 1434

zones
net Net Internet
loc Local Local networks
locdv Duiven Network Duiven
loceb Eibergen Network Eibergen
#dmz DMZ Demilitarized zone

On Thu, 24 Apr 2003, J.M. Althoff wrote:

> I have been going over the config files, looking over the pages and the
> archives but could not find a solution for our problem. I have built
> a router based on RedHat 9 which has the IP address 192.168.23.13
> While being at the office where we have the 192.168.23.0/24 range
> I can Internet fine without any problems. But we have two offices
> at the 192.168.27.0/24 and 192.168.29.0/24 range. I'm at the .29
> office but I can not go on the Internet I'm even not allowed to ping the
> router at 192.168.23.13 from 192.168.29.xx
>

If you "shorewall clear", are you able to ping 192.168.23.13 from 192.168.29.xx? If not, you have a routing problem.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA \ teastep@shorewall.net

On Tue, 29 Apr 2003 14:33:31 +0200, J.M. Althoff <m.althoff@bonsenreuling.nl> wrote:

>> > I have been going over the config files, looking over the pages and the
>> > archives but could not find a solution for our problem. I have built
>> > a router based on RedHat 9 which has the IP address 192.168.23.13
>> > While being at the office where we have the 192.168.23.0/24 range
>> > I can Internet fine without any problems. But we have two offices
>> > at the 192.168.27.0/24 and 192.168.29.0/24 range. I'm at the .29
>> > office but I can not go on the Internet I'm even not allowed to ping the
>> > router at 192.168.23.13 from 192.168.29.xx
>
>> If you "shorewall clear", are you able to ping 192.168.23.13 from
>> 192.168.29.xx? If not, you have a routing problem.
>
> We have three networks 192.168.23.0 / 192.168.27.0 / 192.168.29.0
> And two ISDN routers 192.168.23.50 the bridge between 23.0 and 27.0
> and 192.168.23.51 the bridge between 23.0 and 29.0 I have made
> a router connected on eth1 192.168.23.13 and adsl side
> eth0 217.166.74.24
>
> It looks like route but then even with routing ok I found some problems
> defining subnets.. Basically users at 23.0 / 27.0 / 29.0 should be able to go
> cross networks and able to go on the internet via 192.168.23.13
> From my machine at 23.19 (Win2k) I can go on the Internet just fine
> but can not access other network 27.0 29.0

Which version of Shorewall are you running?

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA \ teastep@shorewall.net

On Tue, 29 Apr 2003 16:33:33 +0200, J.M. Althoff <m.althoff@bonsenreuling.nl> wrote:

> Tom,
>
>> Which version of Shorewall are you running?
>
> Thank you for your quick response
>
> $ shorewall version
> 1.4.2
>
> Installed from RPM shorewall-1.4.2-1.noarch.rpm
>

Then try setting the 'routeback' option on eth1.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA \ teastep@shorewall.net
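
Added example, not part of the thread and not Shorewall's own code: a small shell check that reports whether an interface in a Shorewall interfaces file carries a given option, run here against the interfaces file as posted and against a copy with routeback set on eth1. The function name has_option, the sample file names and the scratch directory are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): check a Shorewall "interfaces" file
# for an option on one interface. Columns: ZONE INTERFACE BROADCAST OPTIONS

# has_option FILE INTERFACE OPTION   (hypothetical helper name)
# exit status: 0 = option set, 1 = not set, 2 = interface not listed
has_option() {
    awk -v ifc="$2" -v opt="$3" '
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        $2 == ifc {
            found = 1
            n = split($4, opts, ",")        # OPTIONS is a comma-separated list
            for (i = 1; i <= n; i++)
                if (opts[i] == opt) hit = 1
        }
        END {
            if (!found) exit 2
            exit (hit ? 0 : 1)
        }
    ' "$1"
}

# Constructed sample data: the interfaces file as posted, and the same file
# with routeback added on eth1. SAMPLE_DIR is a scratch directory.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/interfaces.posted" <<'EOF'
#ZONE  INTERFACE  BROADCAST                OPTIONS
net    eth0       public.ip.internet.255   blacklist
loc    eth1       192.168.23.255
EOF
cat > "$SAMPLE_DIR/interfaces.routeback" <<'EOF'
#ZONE  INTERFACE  BROADCAST                OPTIONS
net    eth0       public.ip.internet.255   blacklist
loc    eth1       192.168.23.255           routeback
EOF

for f in posted routeback; do
    if has_option "$SAMPLE_DIR/interfaces.$f" eth1 routeback; then
        echo "interfaces.$f: eth1 has routeback"
    else
        echo "interfaces.$f: eth1 lacks routeback"
    fi
done
```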